CVSS: 5.4EPSS: 0%CPEs: 77EXPL: 0CVE-2016-3014
https://notcve.org/view.php?id=CVE-2016-3014
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en IBM Rational Collaborative Lifecycle Management 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Quality Manager 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Team Concert 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17 y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11 y 5.0 en versiones anteriores a 5.0.2 iFix17 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21992151 http://www.securityfocus.com/bid/93515 http://www.securitytracker.com/id/1037025 http://www.securitytracker.com/id/1037026 http://www.securitytracker.com/id/1037027 http://www.securitytracker.com/id/1037028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 101EXPL: 0CVE-2016-2926
https://notcve.org/view.php?id=CVE-2016-2926
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Rational Collaborative Lifecycle Management 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Quality Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Team Concert 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3; y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix19 y 6.0 en versiones anteriores a 6.0.2 iFix3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21993444 http://www.securityfocus.com/bid/94146 http://www.securitytracker.com/id/1037276 http://www.securitytracker.com/id/1037277 http://www.securitytracker.com/id/1037278 http://www.securitytracker.com/id/1037279 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0CVE-2016-2986
https://notcve.org/view.php?id=CVE-2016-2986
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle Manager 6.x before 6.0.1 iFix6, and Rational Rhapsody Design Manager 6.x before 6.0.1 iFix6 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM Rational Collaborative Lifecycle Management 6.x en versiones anteriores a 6.0.1 iFix6, Rational Quality Manager 6.x en versiones anteriores a 6.0.1 iFix6, Rational Team Concert 6.x en versiones anteriores a 6.0.1 iFix6, Rational DOORS Next Generation 6.x en versiones anteriores a 6.0.1 iFix6, Rational Engineering Lifecycle Manager 6.x en versiones anteriores a 6.0.1 iFix6 y Rational Rhapsody Design Manager 6.x en versiones anteriores a 6.0.1 iFix6 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21989940 http://www.securityfocus.com/bid/92869 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 101EXPL: 0CVE-2016-2947
https://notcve.org/view.php?id=CVE-2016-2947
IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to obtain sensitive information via unspecified vectors. IBM Rational Collaborative Lifecycle Management 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Quality Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Team Concert 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational DOORS Next Generation 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5; y Rational Software Architect Design Manager 4.0 en versiones anteriores a 4.0.7 iFix11, 5.0 en versiones anteriores a 5.0.2 iFix18 y 6.0 en versiones anteriores a 6.0.2 iFix5 permiten a usuarios remotos autenticados obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21991477 http://www.securityfocus.com/bid/94518 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5955
https://notcve.org/view.php?id=CVE-2016-5955
Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM Rational DOORS Next Generation 6.0.2 en versiones anteriores a iFix004 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21990054 http://www.securityfocus.com/bid/93154 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •